hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

add taint step through the colorette library

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-06-22 23:02:01 +02:00
parent e4427bb34a
commit d114cdc6e5
4 changed files with 65 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
javascript/ql/src/semmle/javascript/frameworks/Logging.qll
View File

@@ -240,3 +240,15 @@ class WrapAnsiStep extends TaintTracking::SharedTaintStep {
)
}
}
/**
* A step through the [`colorette`](https://npmjs.org/package/colorette) library.
*/
class ColoretteStep extends TaintTracking::SharedTaintStep {
override predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(API::CallNode call | call = API::moduleImport("colorette").getAMember().getACall() |
pred = call.getArgument(0) and
succ = call
)
}
}